Periodic Reporting for period 2 - INSPIRE-5Gplus (INtelligent Security and PervasIve tRust for 5G and Beyond)
Reporting period: 2021-05-01 to 2022-10-31
The communications infrastructure is essential for the functioning of a society and its economy, even more so since all the other critical infrastructures largely depend on it, including energy and water production and distribution, transport, health, public services, defence and finance. Its importance will grow exponentially with the advent of new 5G services that introduce massive and/or real-time M2M and IoT communications. Today, even short communications outages can have significant negative impacts on society. These failures are due to natural causes and malfunctions, but also to deliberate cyber-attacks.
The objective of INSPIRE-5Gplus is to make a revolutionary shift in the 5G and beyond security vision by progressing 5G Security and by devising a smart, trustworthy and liability-aware 5G security platform for future connected systems, while contributing to its realization.
• Definition of a High Level Architecture (HLA) of a zero-touch end-to-end smart network and service security management framework that empowers not only protection but also addresses trustworthiness and liability in managing 5G network infrastructures across multiple domains.
• Definition of a set of security enablement technologies, having the potential to significantly contribute to 5G security evolution. Examples are Trusted Execution Environments, DLT, Liability and Root Cause Analysis, enablements related to network automation & zero touch management, SSLAs, and Multi-Domain security policies management.
• Specification and development of a set of enablers for the automatic and autonomic end-to-end and multi-domain security management based on security policies, SSLAs, optimisation of orchestration, the provisioning, and the chaining of virtualised security functions, micro-services, and virtualised network functions. AI and ML based methods and techniques have been developed to optimise and make autonomous each of the prediction, detection, and mitigation processes in ZSM closed loops.
• Mechanisms to ensure trust in virtual networks, platforms, and functions, such as the use of certification techniques or Proof of Transit, or managing the trust in slices through the use of a blockchain. Liability mechanisms have also been explored and implemented in the same context, such as Root Cause Analysis in virtualised infrastructure or deep attestation, which enables attesting the state of a system that has multiple levels (HW, VM).
• Specification and development of examples of ZSM security management closed loops supporting proactive and reactive capabilities as well as trust and liability management in a multi-domain context.
• Definition of three demonstrators providing a complete implementation and validation of the High-Level Architecture capabilities based on validated KPIs.
• An integration and verification platform composed of 11 domains for developing and testing purposes.
• KPIs for security, trust and liability, and their relationship with the 5G PPP KPIs have been defined with a baseline of assessment criteria to be fulfilled by the INSPIRE-5Gplus enablers.
• The results of INSPIRE-5Gplus have been published in 45 conference and 20 journal papers, presented in several industrial events, and provided contributions for various standardisation bodies such as IETF/IRTF and ETSI.
• Business models for the project assets and solutions have been defined with an analysis of beneficial impact on SMEs, and transfer actions of the results to the business lines of industrial partners. A majority of the results will be exploited following an open-source model, which improves the adoption of the implemented security architecture by academia, SMEs and industry.
All these were implemented in security enablers and a set of models, necessary for achieving dynamic and automated security orchestration in virtualised and software defined networking environments.
The analysis of duality between trust and liability concepts has led to the identification of trust mechanisms and techniques to address threats and risks related to trust with a set of models and mechanisms for enabling liable end-to-end delivery and operation of 5G services. Methods and solutions to manage them in a multi-domain, multi-party, and multi-tenant context have been defined leading to innovative trust and liability enablers.
INSPIRE-5Gplus has actively contributed to joint 5G PPP Programme activities with participation in 9 working groups. INSPIRE-5Gplus introduced new opportunities for security vendors and service models based on Security as a Service and Software Defined Security, and new models ensuring Security and Service Level Agreements. They contribute to the strategic impacts of defining a 5G network security architecture and core technological components, adapting security to dynamic and intensive communication infrastructures, providing solutions for the security, trust and liability management of multi-tenant/multi-domain virtualised networks, and enabling novel business models for security, trust and liability. In addition, INSPIRE-5Gplus addresses important societal issues by greatly improving the security and trust needed to obtain the safety and privacy of citizens and to ensure the security of society and its organisations.